2005-cell-skimmers

What are Skimmers?

A skimmer is a device that gets between your device and the intended reader. A sort of unintended middleman, they can be completely fake, but look like a part of a legitimate system such as an ATM, or may be a point-of-sale (POS) terminal or they can be a real system that has been compromised to act as a skimmer.

This page deals with interception and tracking of cell phone systems. For ATM and Point-of-Sale (POS) Skimmers see https://nc3.mobi/references/2005-skimmers/

7/31/2010 Cell Tower Spoof

At the Shmoocon security conference in Washington D.C. security researcher Chris Paget created an interceptor (also called IMSI catchers) that tricks cell phones into routing their outbound calls through his device, allowing someone to intercept even encrypted calls in the clear. The device disables encryption, captures phone ID data, records call content and meta-details. Calls are attracted by a stronger signal than existing towers. Stronger security transmission protocols could be jammed forcing a fallback to less secure systems. The $1,500 price tag included the laptop computer used. (source)

For need-to-be-secure transactions security needs to be in the message itself. The transmission method might not be secure.

7/15/2013 Femtocell General Hack

A femtocell is a device used by service provides to extend cell phone range to zones that have low or no coverage such as the top of apartment buildings. Undetected for “years” these devices have a gaping security hole that allows for third parties to record voice conversations, record browsing history, record text messages, as well as view images and other attachments, “…everything your phone would send to a cell phone tower.” Think a moment: If you enter your password, if you click on a button, all that is transmitted and becomes vulnerable. According to ISEC the attack isn’t very sophisticated. People are learning the skills in school and don’t need more equipment than they’d have at home.
 
This means that any mobile phone based transaction that depends on the security of the connection is vulnerable. By definition such connections have to adhere to a standard, they all have to work the same way or no communication takes place. Compare this to the security of an attachment which works differently for each transaction. The hack for one does not hack all. (source)
 
How many transmissions were hacked? No one knows.

9/17/2014 Rogue Cell Towers in DC

More than a dozen fake cell towers were discovered in the Washington D.C. area by engineers of ESD America who make the ultra-secure CryptoPhone. Why is this a concern? Once a device connects via this interceptor that middleman can listen on calls and copy messages. In some cases it can install software onto the device which can co-opt its functions in the future. Three of those towers were on Pennsylvania Avenue. (source)

For financial or other need-to-be-secure transactions the security needs to be in the authorization message itself. The transmission method might not be secure.

10/14/2014  Look! Up in the air!

When you activate your cell phone you are trying to connect to your carrier to make a call, make ready to receive a call, send or receive texts, that sort of thing. So, when you connect are you connected to your carrier? Maybe not. Digital Receiver Technology (DRT) Inc. makes a “dirtbox”, a form of software defined radio (SDR), which does much the same thing, but they are not your carrier.

As described above rogue cells towers pose a real hazard by putting themselves between you are your carrier in what is called a man-in-the-middle (MITM) attack. It appears that the Justice Department has taken the concept mobile with an airborne version “… the he government flies airplanes equipped with the device over large metropolitan areas. The Dirtbox collects the cellular IDs and locations of every phone within range as it circles overhead.” [ emphasis ours – ed ] Legal? Read more …

12/29/2014  Cell Signal Protocol Vulnerable

In a presentation at Chaos Communication Congress 31c3 in Hamburg, Germany Mapping Vulnerability of the International Mobile Roaming Infrastructure, Karsten Nohl reported “SS7 [the signaling protocol] has been shown repeatedly as an insecure protocol: spoofing, faking, crash through fuzzing, fraud.” See ZDNet which has links to videos of the presentation.

4/20/2015 Cell Threat Detector

In addition to criminally placed cell signal interceptors there are such devices placed by law enforcement to covertly monitor and track cell phones and their users. This class of interception technology are called “stingrays” which is also product name. The existence of these systems is something the law enforcement community wants to keep secret (more).

Like the system demonstrated in July 2010 stingrays started by jamming more secure 3G and 4G systems forcing a fallback to the less secure 2G systems which are going to be unsupported by 2017. An upgrade will be able to track 4G LTE. (more)

The technology is becoming available to detect these interceptors so you have a chance to know if your call is being captured for purposes you didn’t intend. (source) Not yet available – who is running that interceptor, the crooks or the cops?

4/20/2015 Stingray causes cases to be dismissed

Law enforcement use a cell phone simulator that captures cell phone records by tricking cell phones into thinking they are connecting to a cell phone tower. The simulator is called a “Stingray” and convinces the phone to provide information. The Stingray can get priority over the cell tower, so a person connected via the Stingray can be used to deny a connection to make a call, even to 9-1-1.

The problem lies with the manufacturer who extracts contractual agreement with law enforcement that their technology never be revealed, even to a judge. Rule 16 of the Federal Rules of Criminal Procedure provides that the prosecution must disclose certain elements to the defense. That includes inspection of equipment if the prosecution intends to use it. So, cases prepared based on Stingray, might not be able to use Stingray for prosecution. More…

TITLE IV. ARRAIGNMENT AND PREPARATION FOR TRIAL
Rule 16. Discovery and Inspection
  (a) Government’s Disclosure.
   (1) Information Subject to Disclosure.

    (F) Reports of Examinations and Tests. Upon a defendant’s request, the government must permit a defendant to inspect and to copy or photograph the results or reports of any physical or mental examination and of any scientific test or experiment if:

      (i) the item is within the government’s possession, custody, or control;

      (ii) the attorney for the government knows—or through due diligence could know—that the item exists; and

      (iii) the item is material to preparing the defense or the government intends to use the item in its case-in-chief at trial. [ Source Cornell Law highlighting ours -ed ]

9/03/2015 Warrants Required for Some

The Justice Department announced that federal agents will be required to seek warrants before using equipment to locate and track cellphones. The equipment is a cell-tower simulator called StingRay that can force phones into connecting with it and allowing determination of the phone’s location. The concern is that the same simulator connects to other callers who are not suspected of any crime. The simulator can capture calls, texts, emails, even browsing, any traffic sent via cell phone.

The details of StingRay are protected by confidentiality agreements. (see earlier post) Some state and local entities have been barred from even disclosing the use of the devices, even to criminal defendants, which can make prosecution problematic if the intercept is the root for fruit of the poisonous tree. The rules affect only federal agents and not state or local law enforcement agencies except if those agencies are in a joint operation with task force with federal authorities. (Source NPR)

12/03/2015  IRS Stingray(s)

In late November 2015 the IRS commissioner wrote (2 page PDF) to a senator that the IRS has used its cell-site simulator (singular), first deployed in early 2012, in support of federal grand jury investigations, assisted in non-IRS federal and state investigations.

According to the commissioner there is only one device acquired in October 2011. The purchase of a second unit was started in July 2015, but has not yet been complete. Yet, in October 2015. the Guardian reported two purchases, one on 2009 (not 2011) and a second in 2012 (not 2015). Say what? See Sophos article.

1/29/2016  Surveillance at Disneyland, Classified

The California Anaheim Police Department tracks millions of mobile users, including all those in Disneyland, the House of the Mouse.

According to a document (464 page PDF) the Anaheim Police Department (APD) knew just what they wanted. “.. high tech equipment … that allows Law Enforcement to conduct covert surveillance …” and it was a “covert purchase”. The price? Over $350,000 in October 2011. There was a discount due to using a GSA-pricing schedule. (source page 5) A number of emails described, right in the subject line, “Covert Purchase”. Was that secure email? (source page 10). The “Request for Check Form” number 1523678 clearly lists the payee as Harris Corporation and in the description says “Payment for Covert Surveillance.” (source page 25)

After all that, a letter from the US Department of Justice / FBI dated 8/17/2011 to the APD contains paragraph numbered 5 where the APD will not, in any civil or criminal proceeding, use or provide any information concerning the Harris Corporation wireless collection … including during pre-trial, in search warrants, affidavits, in discovery, in response to court ordered disclosure, in grand jury hearings, during the case-in-chief, rebuttal, appear or in testimony without prior written approval of the FBI. Further the APD will, at the request of the FBI, seek dismissal of the case in lieu of using or providing the information. (source pages 33 to 35).

So, when some attorney asks “How did you learn of the plot to do evil?” the police can’t say “We used our Harris Dirtbox to listen to their plots. Here is the recording.” They say “We can’t answer”. The judge orders “answer”. The prosecutor seeks to have the case dismissed and the bad guys get away.

Wireless carriers use various encryptions to protect the privacy of cellphone data communication. These are built into GSM 2G, 3G, 4G and LTE networks. GSM is nearly 30 years old and is considered “weak” protection. More modern 3G, 4G and Long Term Evolution (LTE) networks use “stronger” encryption standards. The stronger allows a fallback to GSM if the stronger can’t connect.

These surveillance devices are reported capable of monitoring tens of thousands of communications at the same time. Other device reportedly in service are multiple Stingray devices with capability to monitor LTE. If that device isn’t available the higher capability services can be jammed forcing a fall back to what can be monitored. Yes, you paid a lot for the latest and greatest and that capability can get taken from you without notice and without recourse.

For more see the excellent article at TheHackerNews.

2/11/2016  NYPD stings without warrants

Between 2008 and mid-2015 the NYPD used Stingrays over 1,000 times without obtaining warrants.

Not previously disclosed, NYPD use means that New Yorkers who simply carry a cell phone are being swept up in the broad based scans done by the technology. While warrants were not obtained the NYPD did often obtain a “pen register order” which does not require “probably cause”, only that there is an ongoing criminal investigation. To put the two in relation, the US Department of Justice issued a policy to obtain warrants and that a pen register order was insufficient protection for the privacy of non-suspects. The NYPD does not have a policy guiding the use of these devices. More … Also available is partially redacted log of intercepts (25 page PDF).

2/17/2016  FBI vs Apple / 4th Amendment vs All Writs

[ This is related to cell phone security -ed ]

In an open letter to Apple’s customers Tim Cook summarizes a current situation in which the United States government has demanded that Apple take a step which might compromise the security for Apple products. The end of the first paragraph is “We oppose this order, which has implications far beyond the legal case at hand.”

What happened? There is no question that a criminal from San Bernadino California had an iPhone 5C with a self-destruct security mode. After a set number of failed password attempts the phone will wipe itself clean. The FBI has requested or demanded Apple’s assistance in bypassing the security. Apple is resisting.

Considerations There are several considerations. In no particular order, do privacy rights survive death? Who is the lawful owner of the phone? Is there a will? Is there an heir? Has the phone become the property of the state? Is it seized evidence such the owner (or their heir) lost their right to privacy?

Given the original owner is no longer among the living consider, had the owner lived could the owner be compelled to provide the phone’s password? Can an heir? The Fifth Amendment protects you from being compelled to reveal the contents of your mind, not from being compelled to surrender evidence. As an example: If the police demand that you give them the lockbox key that happens to contain incriminating evidence, turning over the key is a physical act that doesn’t reveal anything you know. On the other hand, if police order you to divulge the combination to a wall safe, your response would reveal the contents of your mind and Fifth Amendment protections would apply. Memory-based authenticators (like PINs and passwords) are the type of fact benefiting from strong Fifth Amendment protection. (See related article under Biometrics) Presuming no living person has the information, or could be compelled to provide it, how can the Department of Justice compel Apple’s assistance?

4th Amendment vs All Writs Act To obtain the information from the phone and to compel Apple’s assistance the Justice Department did not address the concerns of the Fourth Amendment which says

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. (source)

There exists something called The All Writs Act which, like the Fourth Amendment, is short.

(a) The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.
(b) An alternative writ or rule nisi may be issued by a justice or judge of a court which has jurisdiction. (source)

AWA was created in the Judiciary Act of 1789 and updated in the 1900s. The AWA grants federal courts the authority to issue court orders called “writs” that are “necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.” Essentially a writ may compel the assistance of a third party to execute an order of the court.

In October 2015, in the US District Court, Eastern District of New York, as regards an order to compel Apple to assist in a search warrant, Judge Orenstein doubted the AWA was applicable. (See his memorandum and order 11 page PDF.)

What are the implications? In this balancing between personal freedoms and the state’s right to pursue evidence a success by Apple preserves the freedoms. If the state is successful in this single regard it opens the door to compel Apple to include such features in anticipation of future needs of the state. That is a defeat for the freedoms. The argument that only those with something to hide need privacy is well skewered in this TED talk from October 2014 on Why Privacy Matters. There is a video 20m 37s and a transcript.

In our opinion We have general dislike of law-breakers. We have a specific repugnance for murderers. The movement toward diluting our freedoms on a wide scale, even in response to a threat, real or imagined, is antithetical to the principles on which this country was founded. If law enforcement wishes to defeat privacy or security embodied in an element of technology let them develop those capabilities themselves or hire a surrogate as they have done for Stingrays and DirtBoxes as described above. Use the existing judicial process to obtain warrants as required.

Compelling a manufacturer to defeat their own security and privacy in anticipation of a future need to prosecute law-breakers deprives the law-abiding of their freedoms. Criminals should be prosecuted. The law abiding should not suffer their fate. The need for narrow application is considerable lest we become unclear when a company, public or private, become an organ of the state.

Despite the Justice Department’s assertion that this writ was “narrowly tailored” we agree with Mr. Cook’s contention that this situation has implications far beyond the legal case at hand.

Perhaps it is a universal truth that the loss of liberty at home is to be charged to provisions agst. danger real or pretended from abroad.

–James Madison, letter to Thomas Jefferson, May 13, 1798 in: Writings of James Madison, p. 588 (Library of America ed. 1999), in: The Letters and Other Writings of James Madison, vol. 2, p. 141 (J. Lippincott ed. 1865). Source

CNN is updating this story as new information is available.

2/17/2016 Update  Dr. Weaver

Dr. Nicholas Weaver is a well respected senior staff researcher focusing on computer security at the International Computer Science Institute in Berkeley, California. He wrote the below in the LawfareBlog.

The request to Apple is accurately paraphrased as “Create malcode designed to subvert security protections, with additional forensic protections, customized for a particular target’s phone, cryptographically sign that malcode so the target’s phone accepts it as legitimate, and run that customized version through the update mechanism”. (I speak of malcode in the technical sense of “code designed to subvert a security protection or compromise the device”, not in intent.)

The same logic behind what the FBI seeks could just as easily apply to a mandate forcing Microsoft, Google, Apple, and others to push malicious code to a device through automatic updates when the device isn’t yet in law enforcement’s hand. So the precedent the FBI seeks doesn’t represent just “create and install malcode for this device in Law Enforcement possession” but rather “create and install malcode for this device”. (source)

There is much more, but he ends on a cautionary note with “The San Bernardino case, however, is not a tip-toe down a slippery slope but a direct leap into a dangerous world, one which would compromise all our security under an incredibly ambitious reading of the law.” [ emphasis ours -ed ]

2/18/2016 Update  FBI vs Apple / 4th Amendment vs All Writs

Privacy: The discussion above regarding privacy is perhaps moot because the smart phone in question was provided by the criminal’s employer for business use. Hopefully the employer had a policy either prohibiting personal use or disclosing there was no expectation of privacy.

Opening more doors: As discussed above, accessing one device is one thing, generally weakening all devices in anticipation of a future law enforcement need is another. The concept of “setting a precedent” is especially dangerous as non-US law enforcement may make the same request of Apple.

Liability Loses Focus: Companies who do not provide adequate security may be liable for the weaknesses in that security. What if that weakness was government imposed? Does that shield the company from liability? Does the government become liable?

New Liability: If Apple should fail and the information (if any) is lost what liability accrues to Apple? Does Apple have a responsibility to its shareholders to avoid that liability? Is Apple held harmless for actions it takes by requirement of the state? If there was no information to be uncovered does Apple become suspected of deliberately failing to recover it?

Reference: Survival | Global Politics and Strategy is a recurring publication of the International Institute for Strategic Studies (IISS) published six times a year. An included piece The darkness online | Cryptopolitik and the Darknet is online and available in HTML or a downloadable 33-page PDF, at no-charge, and no registration required. The topics are “why” of encryption and why some resources are available, but not in bright sunlight.

Founder Quote:

Those who would give up essential Liberty,
  to purchase a little temporary Safety,
    deserve neither Liberty nor Safety.

Benjamin Franklin on behalf of the Pennsylvania General Assembly

While a prodigious inventor and visionary did Franklin realize the implications in the 21st Century? Did he mean what we think he said or was he addressing another matter completely? Does that matter? There is an interesting discussion.

2/19/2016 Update  Parrying Brute Force

Even if Apple is forced to bypass the self destruct code, there is a way to parry brute force.

As of early 2016 it takes about 80 milliseconds (ms) for Apple to process a single password attempt plus an added pause. A very short time for humans, an eternity for some computers. With a numeric password length of 5 the possible passwords range from 00000 to 99999. That is 100,000 possibilities or 105. Using this table

80 < time per attempt (ms)
5 < password length
100,000 < Possibilities = 10^Password Length
8,000,000 < Test time (ms) = Possibilities * time per attempt
8,000 < Test time (sec) = ms / 1000
133.33 < Test time (min) = sec / 60
2.22 < Test time (hrs) = min / 60
0.09 < Test time (day) = hrs / 24
0.00 < Test time (years) = days / 365

 
at 80ms per attempt that takes just 2.2 hours to try them all. Expanding that password length to 11 gets 100 billion possibilities taking over 253 years to attempt them all. Even if the single password time is reduced to just 8ms per attempt that is still 25 years. (spreadsheet in ODS – no macros used)

2/19/2016 Update  Why Now?

Why is the Department of Justice making this effort at this time?

As discussed above perhaps they were waiting for a truly evil target that would gather little sympathy. Or, perhaps it was a case of a concerted effort by multiple federal agencies to find ways to crack security held by crooks and citizens alike.

About the latter possibility: earlier this morning Bloomberg reported that last fall pro-protection groups celebrated when the executive branch said it would not seek legislation forcing “backdoors”. That may have been true. What wasn’t revealed at that time was another plan in the works since Thanksgiving 2015. Agencies across government were ordered to find other ways to remove security from the citizenry.

“Going dark” is concern so often voiced by FBI Director James Comey and refuted in a well researched and presented counterpoint (see also a start to the story). Those alternatives were embraced by James Clapper, the US director of national intelligence. Still, this other plan was in the works, just waiting, until just now. Read more at Bloomberg.

2/19/2016 Update  Federal Prosecutors Fan Fire

Prosecutors for the Justice Department: Judge – “compel” Apple to “comply”.

Citing a refusal that “appears to be based on its concern for its business model and public brand marketing strategy,” rather than concern for due process and broader implications the prosecution is moving aggressively. Today’s filing (35 page PDF) at 10:06am Pacific Time was from Eileen M. Decker, a United States Attorney, Patricia A. Donahue, an Assistant US Attorney, Tracy L. Wilkison, an Assistant US Attorney and Chief of the Cyber and Intellectual Property Crimes Section and Allen W. Chiu, another Assistant US Attorney in the Terrorism and Export Crimes Section as a “motion to compel … Apple to comply” (Page 1, lines 26-27 of the filing). Source: NY Times.

[ That is a lot of legal people-power on the prosecution team and this is a fascinating document. The precedents and authorities are well researched. It is especially impressive considering only three days have elapsed since Mr. Cook made a public statement of intent on 2/16/2016. Was the research done in anticipation of Apple’s position? Still, the motion may backfire. Judges don’t like being told what to do and Magistrate Judge Sheri Pym of the Federal District Court for the Central District of California is unlikely to be different in that regard. -ed ]

2/19/2016 Update  McAfee to the rescue?

John McAfee might solve the problem.

A question has been posed: Is the target of the Justice Department’s writ the phone of murderers (which may or may not contain information) or was that phone the spark to initiate a plan against continued personal security as embodied by Apple and voiced by Tim Cook and other technology leaders?

Via an opinion-editorial now comes John McAfee with an offer:

So here is my offer to the FBI. I will, free of charge, decrypt the information on the San Bernardino phone, with my team. We will primarily use social engineering, and it will take us three weeks. If you accept my offer, then you will not need to ask Apple to place a back door in its product, which will be the beginning of the end of America.

If you doubt my credentials, Google “cybersecurity legend” and see whose name is the only name that appears in the first 10 results out of more than a quarter of a million. (more at the source)

[ For many years “McAfee” was a euphemism for anti-virus software. Mr. McAfee is an inventor with few peers. His offer alone has great value. If the Department of Justice declines then the question becomes did the DOJ ever truly care about this single phone to the extent they deployed such a well-credentialed legal team? Or, did the DOJ seize upon this single phone with its decidedly not sympathetic human handlers as the instigation to launch a previously planned operation to obtain access to information that had been previously unavailable under the personal privacy concepts embodied by Apple and voiced by Tim Cook and other technology leaders? We’ll see.

The battle over Apple’s compliance with a writ in the 20-teens reminds me of the civil rights movement of the 1960s. Today’s protest has a benefit in that it affects all of us without regard to race, creed, gender, national origin, sexual orientation, economic background, or anything that could divide the human race and any non-humans dwelling amongst us. And for anyone who thinks this issue does not affect them today, and for all their tomorrows? They’re just not paying attention, in our short-attention span, sound-bite-driven, entertain-me culture. It is a uniting event and, very sadly, unites us against our own government. -ed ]

2/20/2016 Update  Major Change

It isn’t the murderer’s passcode that needs cracking.

The iPhone 5C was backed up to the iCloud on 10/19/2015. As previously discussed Apple has the keys to that encrypted backup and the information was provided to the FBI. What wasn’t in the cloud was data from then to 12/12/2015, the date of the attack. Apple did suggest connecting the phone to the internet and have it back up to the iCloud account just as it had before.

So why won’t that work? Someone reset the Apple ID passcode. That makes the phone a “new device” with a new device ID. It won’t automatically synchronize until it is configured properly. No passcode means the device can’t be configured at all.

Who reset the pass code? “the Apple ID password linked to the iPhone belonging to one of the San Bernardino terrorists was changed less than 24 hours after the government took possession of the device” (source)

[ ask Who changed the pass code? to this tempo video 3m 36s and apologies to the Baha Men. -ed ]

2/21/2016 Update  County had keys. Never installed lock

Apple provides tools for company administered phones. County paid, but didn’t use them.

Apple’s iOS contains support for mobile device management (MDM) which provides for many functions including the ability for a company to unlock a phone, remotely wipe all data in case the phone is stolen or lost, track the device, determine installed applications, check battery life and even push software to the phone. That password change functionality can be handy when the user changes the passcode and forgets it. Users can disable, or uninstall, MDM, but doing so notifies administrators. Wouldn’t that have been nice in this case? (SarcasmFontOn) If only the county had MDM! (SarcasmFontOff). Oh wait … the county paid for the software, but it was never installed. The question of personal privacy does not apply. This is a county owned phone and the rights of the county were disclosed when the phone was issued. More at source: CBS/AP

2/21/2016 Update  FBI director comments

The director of the Federal Bureau of Investigation issued a press release reiterating their position that this is a “narrow matter”.

2/22/2016 Update  Moving to Legislative Branch

Today Apple posted another public letter describing what it has done in the past, what they believe is being requested of them in the present and what they think it means for the future. It closes with “… some in Congress have proposed, form a commission or other panel of experts on intelligence, technology, and civil liberties to discuss the implications for law enforcement, national security, privacy, and personal freedoms. Apple would gladly participate in such an effort.” which is an apparent reply to an invitation from the House Energy and Commerce Committee which was sent to both Apple and the FBI.

We invite you to testify before the Committee on Energy and Commerce, Subcommittee on Oversight and Investigations, about the issues presented by the ongoing debate related to encryption technologies.

Over the last year, with the growing availability and adoption of strong encryption measures by commercial technology providers, there has been an increasingly public and heated debate about the costs and benefits of encryption technologies, in particular, the impact these technologies have on law enforcement’s capabilities to investigate criminal conduct. …

This debate has now come to a critical juncture with the recent order by a federal magistrate to your company to assist the FBI in “unlocking” a security feature of a phone allegedly used by one of the perpetrators of terrorist acts in San Bernardino, California in December 2015. According to news reports, there are a number of other law enforcement officials around the country considering use of authorities to compel similar assistance by technology manufacturers. …

We anticipate this hearing will occur at the Committee’s earliest opportunity and we are grateful for your cooperation. (source)

2/23/2016 Update  Who changed the passcode? (redux)

Earlier reports indicated that officials of San Bernardino County changed the passcode unilaterally. The FBI acknowledged Saturday night that it had requested the reset (source).

This conflicts somewhat with the motion to compel filed 2/19/2016 by the US Attorney. It says “The owner, in an attempt to gain access to some information in the hours after the attack, was able to reset the password remotely” (See lines 23 and 24 on PDF page 23. The page number at the center-bottom is 18 because source page numbering was restarted several times in the single document.) The mobile device management software (MDM) purchased by the county was not installed and the statement does not mention the request made by federal law enforcement.

A reset passcode blocked multiple Apple solutions including letting the device connect to a known network to make another backup in the iCloud where Apple can read it. As for why there should be no back doors see #NoBackDoors from Sophos.

2/23/2016 Update  One time only? Umm no.

The DOJ & FBI have repeatedly referred to their request of Apple as a one-time event.

In the motion to compel PDF page 7 lines 2 and 3 it says “The Order requires Apple to assist the FBI with respect to this single iPhone”. So the assertion that this order is narrow in scope is correct. In a press release the FBI reiterated their position that this is a “narrow matter”.

Missing from these very public pronouncements are any mention of prior or pending requests made of Apple for similar services. U.S. Magistrate Judge James Orenstein of a New York court (see prior story about Judge Orenstein’s expressed doubt on the applicability of the All Writs Act) unsealed court documents which indicate that the FBI requested Apple create a “back door” at least nine other times, and possibly more, since October 2015. In addition to New York and California, Apple indicated it has received similar requests to unlock multiple iPhone models from other jurisdictions including Illinois and Massachusetts. (more at the sources FastCompany and ComputerWorld)

2/24/2016 Update  Gates takes issue

Earlier yesterday Bill Gates had an interview with the Financial Times (narrative and video 3:28) and from that various other media outlets reported that Mr. Gates sided with the FBI. That was overly simplistic as Mr. Gates explained in another interview with Bloomberg (video 2:42) later that day.

Mr. Gates referred to times back to J. Edgar Hoover in which our government has historically taken information and used it “in ways we didn’t expect”. Government misuse of information at one end of a spectrum, Mr. Gates said that there’s a middle ground where safeguards do not make the government blind. The balance point is in the hands of the courts and Congress. In the meantime, “it gives us an opportunity to have a discussion”. (See also Naked Security / Sophos)

2/25/2016 Update  Can Apple be compelled to write code?

Just ahead of a deadline Apple filed a response that the government’s request violated the 1st and 5th Amendments.

The First Amendment The First Amendment supports free speech. More commonly interpreted to allow people to speak as they wish (with very few exceptions) it also protects people from being compelled to speak against their wishes. Simply put a court cannot compel someone to say “Blue is my favorite color” when they detest the color blue. Apple contents that writing code is protected speech and Apple writes only secure code. To compel it to write non-secure code would be an attempt to compel in violation of First Amendment protections.

There is one precedent on point that code is protected speech. In Bernstein vs. U.S. Department of Justice, the U.S. Court of Appeals for the Ninth Circuit ruled that the code in a developer’s software was protected by the First Amendment. Specifically he was able to discuss it without registering as an arms dealer and other requirements the absence of which could result in civil and criminal penalties.

The Fifth Amendment By being compelled to commit resources to this effort, and anticipated future efforts, Apple says the government’s request violates the Fifth Amendment protection to be free from “arbitrary deprivation of its liberty by government.” (Source)

2/25/2016 Update  Congressman agrees with Apple

At least one congressman agrees with Apple. (CNN video 4:10)

2/26/2016 Update  Precedent? If so, justified?

The Economist provides a clear discussion on two points.

Does FBI request set a precedent? FBI says no. It is a request to unlock a specific device. Apple says it is being asked to create software that does not currently exist. If the FBI prevails it sets a precedent that companies can be compelled by the state to write new operating instructions for their devices.

If a precedent, is it justified? Would security be weakened or strengthened if that code were created? In the short term, as regards one phone, for this one instance, there is little argument this is stronger security. Even though there may be nothing in the phone, examination makes for a more thorough investigation. In the longer term, it is not clear at all. Akin, albeit on a smaller scale, this is creation of the atomic bomb. Like a bell, it can’t be unrung, and the process of creation is a lot harder than duplicating the inventive steps. As described above there are hundreds of other phones in the US waiting to be cracked in this matter. Expanding the scope a little more how many are waiting to be cracked by other countries who have a lesser regard for privacy? Against a specific threat such tools might be justified, but against a general desire for more and more information on criminals and non-criminals the value is questionable. (the source is dated tomorrow because where they are, it is tomorrow compared to the USA)

2/26/2016 Update  New Phone

Apple is developing a new and more secure iPhone. NYTimes

2/29/2016 Update  NY case decided

In a New York case, Magistrate Judge James Orenstein denied the governments motion to require Apple’s assistance under the All Writs Act. This is the first page:

UNITED STATES DISTRICT COURT
EASTERN DISTRICT OF NEW YORK
MEMORANDUM AND ORDER
———————————————————-X
IN RE ORDER REQUIRING APPLE, INC. TO ASSIST IN THE EXECUTION OF A SEARCH WARRANT ISSUED BY THIS COURT. 15-MC-1902 (JO)
———————————————————-X
JAMES ORENSTEIN, Magistrate Judge:

The government seeks an order requiring Apple, Inc. (“Apple”) to bypass the passcode security on an Apple device. It asserts that such an order will assist in the execution of a search warrant previously issued by this court, and that the All Writs Act, 28 U.S.C. § 1651(a) (the “AWA”), empowers the court to grant such relief. Docket Entry (“DE”) 1 (Application). For the reasons set forth below, I conclude that under the circumstances of this case, the government has failed to establish either that the AWA permits the relief it seeks or that, even if such an order is authorized, the discretionary factors I must consider weigh in favor of granting the motion. More specifically, the established rules for interpreting a statute’s text constrain me to reject the government’s interpretation that the AWA empowers a court to grant any relief not outright prohibited by law. Under a more appropriate understanding of the AWA’s function as a source of residual authority to issue orders that are “agreeable to the usages and principles of law,” 28 U.S.C. § 1651(a), the relief the government seeks is unavailable because Congress has considered legislation that would achieve the same result but has not adopted it. In addition, applicable case law requires me to consider three factors in deciding whether to issue an order under the AWA: the closeness of Apple’s relationship to the underlying criminal conduct and government investigation; the burden the requested order would impose on Apple; and the necessity of imposing such a burden on Apple. As explained below, after reviewing the facts in the record and the parties’ arguments, I conclude that none of those factors justifies imposing on Apple the obligation to assist the government’s investigation against its will. I therefore deny the motion.[ Source 50 page Google Drive Doc highlighting ours -ed ]

There is considerably more material in the document. This decision isn’t binding on other courts. More at TheIntercept

3/02/2016 Update  We were right about DOJ timing

Back on 2/19/2016 we asked why is the Department of Justice was making the move to get a ruling on using the All Writs Act to compel Apple to break their own security at that time? Motherboard published a great article yesterday that describes multiple previous attempts. The article also brought clarity on what may be a glaring weakness in the application of AWA. It gives courts a broad and flexible authority only of those points that are not covered by statute.

This particular point was decided in an 8:1 decision by the US Supreme Court in Pennsylvania Bureau of Correction v. United States Marshals Service No. 84-489 Argued October 15, 1985 and Decided November 18, 1985 (decision in HTML and oral argument). From the decision

(c) The All Writs Act does not confer authority upon a federal court to issue an order such as the one at issue. An examination of the Act, its legislative history, and this Court’s past interpretations of the Act all support this conclusion. Although the Act empowers federal courts to [474 U.S. 34, 35] fashion extraordinary remedies when the need arises, it does not authorize them to issue ad hoc writs whenever compliance with statutory procedures appears inconvenient or less appropriate. Pp. 40-43. [ source highlighting ours -ed ]

So, is there an existing statute that applies? The 1994 Communications Assistance for Law Enforcement Act (CALEA) compelled “telephone companies” to design their networks to better support wiretapping. Why is “telephone companies” in quotes? Because CALEA distinguished them from “information service providers” and does not compel information service providers to do the same.

If Apple were a “telecommunications provider” so much the better.

CALEA 47 U.S. Code §1002 Section b Limitations
Paragraph (3) Encryption: A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication. [ Source: 47USC §1002 Highlighting ours – ed ]

So CALEA would appear to apply if Apple is an “information service provider” or a “telecommunications provider”. Thus it appears to be a statute that applies and the AWA can’t be used. If this is the case, as Judge Orenstein decided it was in New York, why does the Department of Justice continue to request it?

3/02/2016 Update  DOJ may have skipped a step

Did federal law enforcement make a request of other federal resources before applying under the All Writs Act? In their application the Department of Justice claimed that “there is no conceivable way” to extract information from the iPhone. When asked by Judge Orenstein if the entire government, including the intelligence community did or did not have the capability the response was “federal prosecutors don’t have an obligation to consult the intelligence community in order to investigate crime” which does not actually answer the question. The non-answer allowed the judge to decide the statement about “no way” was unsupported. See Financial Times

A few days later at a House Judiciary Committee meeting Directory Comey was asked how many other federal agencies the Federal Bureau of Investigation had asked for help. Comey replied that people who watch too much television exaggerated the technical capabilities of federal agencies. Not exactly a direct answer, and there was a followup question to which he did directly respond: No, the NSA could not do it. See The Hacker News

3/02/2016 Update  Are Apple Engineers at risk for kidnapping?

The director of the FBI was testifying at the House Judiciary Committee hearing on “The Encryption Tightrope: Balancing Americans’ Security and Privacy”. He had prepared remarks (5 page PDF) (5:31 of the meeting is on YouTube That is five and half hours, not minutes) He asked “What If Apple engineers are kidnapped and forced to write [exploit] code?” More at The Hacker News

[ The question sounds like an excellent argument for security unbreakable, even if the engineers are being coerced. -ed ]

3/02/2016 Update  Proposed Foreign Legislation

A member of France’s Socialist Party has submitted an amendment to an counterterrorism bill that proposed a million Euro (about $1.08M USD) fine for every the maker (primarily Apple and Google) refuses to unlock when requested by law enforcement. The Hacker News

[ France has rejected backdoors in the name of privacy and have essentially called the weakening of security a bad idea. Remark by Mme. Axelle Lemaire, a Secretary of State and Minister for Digital Affairs:

With a backdoor, “personal data are not protected at all,” said Axelle Lemaire remark. “Even if the intention [to empower the police] is laudable, it also opens the door for players who have less laudable intentions, not to mention the potential economic damage to damage the credibility of companies that provide these flaws.” “You are right in the debate, but this is not the right solution according to the government’s opinion,” concluded the Secretary of State. (source Translated by Google)

The future of the proposed legislation is in doubt. -ed ]

3/05/2016 Update  US SecDef, SecState, UN support strong encryption

The Secretary of Defense, Ashton Carter, is concerned that the same techniques could be used by other nations or hackers to compromise government phones and that law enforcement from other countries, friendly or less so, could request the same assistance. At the RSA conference Secretary Carter said “We have to innovate our way to a sensible result. And we need to do that because you can easily think of alternatives. One is a law written by people who don’t have the technical expertise, one written in anger or grief, and that’s not likely to work.” He also said “”I’m not a believer in backdoors or a single technical approach to a complex problem. … we’re foursquare behind data security including strong encryption.” This puts him at odds with Attorney General Lynch and FBI Director Comey who want no secrets kept from them.

The Secretary of State is in support of strong encryption. So is the United Nations high commissioner for human rights who warned forcing Apple to unlock iPhones helping authoritarian governments and jeopardizing the security of millions around the world. Trying to crack phone “risk[s] unlocking a Pandora’s box” and that there were “extremely damaging implications” for the rights of many millions of people, with possible effects on their physical and financial security. “A successful case against Apple in the U.S. will set a precedent that may make it impossible for Apple or any other major international I.T. company to safeguard their clients’ privacy anywhere in the world” “It is potentially a gift to authoritarian regimes, as well as to criminal hackers.” More…

3/08/2016 Update  DOJ appeals

The Department of Justice appealed the decision made last week by Magistrate Judge James Orenstein of the Federal District Court for the Eastern District of New York. DOJ: “Apple is not being asked to do anything it does not currently have the capability to do,” More at …

[ The DOJ point is not germane. It is not whether Apple “can” do it or not, it is whether or not they can be “compelled” to do it. Programming has been held to be protected speech and the First Amendment precludes compelling speech contrary to the individuals position. Ex: A court cannot compel someone to say “Red is my favorite color” when their favorite color is blue. Further, Judge Orenstein concluded the government had not demonstrated that the All Writs Act has the power to compel in this case. AWA is not a tool to bypass inconvenient law. -ed ]

3/11/2016 Update  DOJ responds in California

The Department of Justice filed a response yesterday (43 page PDF) in the case vs Apple regarding the San Bernardino phone.

The DOJ summary of intent appears to be “Apple must remove the barriers it put on that phone.” (Page 38 of 43 lines 3-4) This makes it appear that barriers are not to be permitted. Is there any further evidence required of the desire for a surveillance state? Many of the phrases used are ad hominem attacks against Apple as well as supporting differing opinions of law. The hearing is scheduled for March 22, 2016. Despite the legal language the document is an interesting read.

The DOJ understates the impact: “The Court’s Order is modest” (Page 9 of 43, line 14) and misleading “It is a narrow, targeted order that will produce a narrow, targeted piece of software capable of running on just one iPhone” (Page 9 of 43, lines 17-18).

“The government and the community need to know what is on the terrorist’s phone” (Page 9 of 43, line 24). If the need is so urgent why was anyone allowed to reset the device password? It has been pointed out many times that the device would have automatically created another backup (to which Apple has already provided access) had someone not changed the password. Wait! The DOJ can see the future: “A forced backup of Farook’s iPhone was never going to be successful” (Page 37 of 43, lines 14-15).

The DOJ states: “Apple’s devices will not run software that is not electronically “signed” by Apple.” (Page 23 of 43, lines 3-4) See this from December 2015. There are many more examples. All of page 33 of 43 appears to be completely oblivious to existing criminal capability. Throughout the document the DOJ repeatedly refers to this “single” phone and never broaches the concept of Pandora’s Box or the un-ringing of a bell. Indeed the concept of establishing a “precedent” appears totally absent from the document. Dr. Weaver’s explanation from 2/17/2016 describes how this would establish such a precedent and make future “security” such in name only.

[ On the other hand, the above is just my opinion. I could be wrong. So could they. -ed ]

In response to the filing

Apple General Counsel Bruce Sewel says the tone of the government brief reads “like an indictment,” adding that in his 30 years as a lawyer he had never “seen a legal brief that was more intended to smear the other side with false accusations and innuendo,” according to media reports of a Thursday conference call with reporters.

Sewell said a number of the government’s charges were groundless, including one that suggests that Apple’s relationship with the Chinese government is different from ones with other countries. Government lawyers, he said, are “so desperate at this point that it has thrown all decorum to the winds.” [ highlighting ours, more at Data Breach Today -ed ]

3/12/2016 Update  Apple not needed to unlock phone?

Edward Snowden slammed the DOJ/FBI repeated claim that only Apple can unlock the San Bernardino iPhone.

Speaking via live stream from Russia he said the FBI is attempting to compel Apple to help unlock the iPhone because it would more time for them to develop the expertise. Snowden said “… hackers do their stuff in their garage … FBI has not invested in any kind of meaningful forensic capabilities.” Snowden had made the same statement (in less polite language) earlier. See article. The statement is at about the 30 minute mark on the accompanying video. More at CBS/Marketwatch

3/13/2016 Update  Apple isn’t alone, a Senator changes mind

Timing, other encryption in service, futility and a US Senator.

We were not alone in questioning why the Department of Justice was working so hard to access phone of a dead criminal who, based on non-telephone evidence, acted alone. The quote below was provided in response to the anticipated WhatsApp court case and appears to apply to the San Bernardino case as well.

“The F.B.I. and the Justice Department are just choosing the exact circumstance to pick the fight that looks the best for them,” said Peter Eckersley, the chief computer scientist at the Electronic Frontier Foundation, a nonprofit group that focuses on digital rights. “They’re waiting for the case that makes the demand look reasonable.” [ source, highlighting ours -ed ]

Other applications use encryption may become part of the controversy between personal privacy and a surveillance state. One is WhatsApp which recently added encryption end-to-end to messages and phone calls over the Internet. There appears to be a wiretap order under seal, somewhere. End-to-End means that the intermediate handlers (the services) don’t have a readable, or listenable, version. It was that server-side information that had been provided many times by multiple companies. Now they can’t provide what they don’t have. The founder of WhatsApp, Jan Koum, is from Ukraine where fears of government eavesdropping were well founded. It was that fear for civil rights in countries with repressive governments that lead the Open Technology Fund to provide over $2 million to help develop the encryption used in WhatsApp. Where is OTF? Washington, DC.

In this 18-minute video from Last Week Tonight the topic was encryption. Worth watching in its entirety here are a few highlights.

11:38 A box you can purchase on line that you can plug into an iPhone (iOS8 or lower) and crack the password in seconds.

13:14 Telegram, an app that uses end-to-end encryption, passed 100 million users in February 2016. On a daily basis they process an astonishing 15 billion messages a day.

13:28 Of the 865 encryption products available 546 of them are from companies outside the United States.

14:39 The futility of attempting to stop the use of encryption caused a US senator to actually change their mind on the topic.

Lastly as for the current case being “narrow”, the Manhattan District Attorney reports 175 other Apple phones waiting. That is just one jurisdiction, albeit a very populous one.

3/13/2016 Update  A good summary

Using cryptography is made easy by those who understand it. Why cryptography exists and who controls it isn’t so easy. Deliberately weakened security, such as Juniper Networks (start here) which was weakened by government action, came back to expose more against the interests of the same government. What misconceptions confuse the issue? What should our policy be? Who is working for whose interests? See Tech Crunch.

3/14/2016 Update  President @SXSW & Response

The Presidents SXSW speech & Equal Time

A few days ago President Obama appeared at South By South West and spoke on encryption where he described a two extremes of cryptography being “Strong” and “None” and a middle ground where cryptography could be part of either extreme. He posed these questions: “Then how do we apprehend the child pornographer? How do we solve or disrupt a terrorist plot? What mechanisms do we have available to do even simple things like tax enforcement?” Lastly the President described those who didn’t agree with him as “phone fetishists”. More at Boing Boing.

[ The presented concept of encryption presupposes a sliding scale between 100% and 0%, but cryptography is more like two absolute extremes without a middle ground. It is either secure or not. Similarly there is no such thing as “very unique”, it is or it isn’t. A more common equivalent is being “a little bit pregnant”. Can’t happen. Either is or isn’t. As for crime: how were child pornographers apprehended before? The “fetishist” comment is an ad hominem attack and generally a sign of an argument failed on the merits. -ed ]

In response is John McAfee, a candidate for President. Here are just a few points from his contribution to Business Insider.

I cannot accept the possibility that a sitting US president would willingly and knowingly hand our country over to our enemies, lock, stock, and barrel. … Yet, President Obama, in his speech at SXSW, is suggesting that we do exactly that by creating backdoors into encryption.

… privacy versus security … pales to utter insignificance compared to the real issue: ease of access to criminal activities by our government versus the total annihilation of America by China, Russia or any other hostile state that will be given access to all of America’s secrets through that same backdoor.

For here is the issue: Any master key or backdoor to software or encryption that is given to the US government will reside in the hands of our enemies within a matter of weeks of its creation. This is an absolute truth no cybersecurity expert can deny. And I cannot accept that our sitting president understands this and is still willing to carry it out. I will not accept it.

The implication, then, is this: Either Obama’s cybersecurity advisers are incompetent beyond all measure or our enemies have succeeded in planting subversive agents at the highest level of our government. To assume the latter requires more courage than I possess, so I must assume, no matter how shocking it sounds, that Obama’s cybersecurity advisers have not kept up with the dynamic and rapidly evolving landscape of the world of cybersecurity. It would partially explain, at least, why the US is hopelessly behind China and Russia in cybersecurity. [ there is more at the source, emphasis ours -ed ]

3/15/2016 Update  Sheriff will arrest Tim Cook if …

Sheriff Grady Judd is downright unhappy with Apple’s Tim Cook.

In Polk County (central Florida, east of Tampa and west of Cape Canaveral) there was a press conference about the arrest of three accused of first-degree murder. Apparently the accused took pictures of the body and displayed them while bragging. They have provided their passcodes to the non-Apple phone. A member of the press asked Sheriff Judd about Apple’s refusal to hack the San Bernardino phone. He said “I can tell you, the first time we do have trouble getting into a cell phone, we’re going to seek a court order from (sic) Apple. And when they deny us, I’m going to go lock the CEO of Apple up … I’ll lock the rascal up.”

[ Source. Emphasis in the quote is ours. Given the trend in obfuscation and circumlocution we admire Sheriff Judd’s clarity. We think he meant a court order for Apple. -ed ]

3/16/2016 Update  Apple Returns Fire

Apple fires back at Department of Justice with a response filing (33 page PDF) prior to a March 22, 2016 hearing before Judge Pym. Apple writes: “Indeed, the Justice Department and FBI are asking this Court to adopt their position even though numerous current and former national security and intelligence officials flatly disagree with them.” (Filing page 9 lines 5-7). Which raises a question: What is so different about the sitting security and intelligence communities that is so different from their immediate predecessors and their forebears? Apple also writes that a determination with such wide-sweeping implications should not be made in a vacuum. More discussion at Data Breach Today.

3/20/2016 Update  FYI: ProtonMail

ProtonMail ends 2 year beta and opens registration to all. End-To-End encryption means that what they don’t have governments can’t get. See story.

3/21/2016 Update  New vulnerability found

A new Apple iOS vulnerability was found which could create an “alternative” making it more difficult for the Department of Justice to support a position that the All Writs Act applies.

3/21/2016 Update  DOJ requests delay

The Department of Justice requested a delay the day before Magistrate Judge Sheri Pym was to reconvene in US vs Apple Computer. The request was to evaluate the potential of a new hacking method which, if successful, makes the All Writs Act no longer applicable. The DOJ was not specific about who approached investigators with that method, or what the method is. It might be the new vulnerability disclosed this morning. Judge Pym granted the motion for delay late Monday 3/21/2016. More at NY Times

[ If successful then this current case may be dismissed which leaves the issue open. It might have been better had Judge Pym ruled. In one sense this specific case may be over. In another the can may be kicked down the road until the DOJ tries again. -ed ]

3/22/2016 Update  Amnesty International says

Encryption: A Matter of Human Rights was released (41 page PDF) and says people everywhere should be able to encrypt their communications and personal data as an essential protection of their rights to privacy and free speech. They warn against attempting to forcing the creation of a “backdoor” as these measures violate international human rights law because they indiscriminately undermine the security of the communications and private data of anyone using the software. “There can be no backdoor to human rights.” More at …

3/23/2016 Update  FBI assistance coming from …

Unconfirmed that Cellebrite, a provider of mobile software from Israel according to Israeli YNetNews may be providing assistance. In support, two days ago the FBI awarded them $15,278.02 according to the Federal Procurement Data System (FDPS). More at The Hacker News.

[ if true, this is nice of them considering we’ve been hacking their drones since at least 2009. -ed ]

3/28/2016 Update  DOJ to close case

The Department of Justice has announced it has cracked the San Bernardino iPhone without Apple’s assistance and will request the case be dismissed. Source

[ The downside is that the request generated considerable expense based on the DOJ statement that only Apple could do it. Because no decision will be made an attempt to invoke the All Writs Act can be tried again, and again, and again. -ed ]

3/29/2016 Update  One way

This article describes a technique where a single chip is removed and the iPhone is connected to another chip that works a different way. The end result is that after a failed attempt to access the passcode, the system state is reset to the same as just before the attempt. In this way the counter increments for the attempt and is reset back to zero. Was this tried?

[ received from a tin-foil hat wearing conspiracy theorist (the person’s own description):

The FBI had already cracked the phone and found nothing. So they arranged for San Bernardino police to “accidentally” reset the password for the purpose of compelling Apple to write super-code using the All Writs Act as a cudgel. The day before the judge was to reconvene, the DOJ, recognizing somehow that they were going to lose, arranged to have someone claim to crack the phone, get a recess, then, citing “success”, end the case. Because of an “ongoing investigation” they won’t reveal that there was nothing in the phone. The case is withdrawn, no decision made, no precedent set, and they get to try again. Sort of reminds me of the curious absence of bin Laden’s body. [ paraphrased and spelling corrected – ed ]

We asked to cite this person as a source and got back a URL for a TED talk by Will Potter on “secret US prisons” for political dissidents from August 2015 (14m 55s). We took that to mean no. If the video hadn’t been from TED I would have expected to see more tin hats in the audience. -ed ]

3/31/2016 Update History of US attempts to compel tech companies

An investigative journalist found many attempts made outside public scrutiny.

In almost two dozen states since 2006, 60+ attempts have been made to use to All Writs Act to compel companies to perform in cases deriving not from terrorism, but from counterfeiting, drug trafficking and others. Any stated position that a single action is “small” is misleading at best. Some of the court orders were obtained “under seal” away from the prying eyes of the press and the public. To see the case citations select “Display the table” below the map displayed at the top of the article.

[ “Secrecy begets Tyranny” and “Upon what meat doth this our Caesar feed that he is grown so great” Julius Caesar by William Shakespeare Act 1, Scene 2, page 7 source -ed ]

4/07/2016 Update  FBI limitations & new worries

The FBI says the hack used on the San Bernardino phone won’t work on the more recent models specifically the 5S, 6S and 6S+. The rising concern now is not the device, but the service as WhatsApp moves to end-to-end encryption by default for its estimated one billion users world wide. Actually “End-to-end encryption is always activated, provided all parties are using the latest version of WhatsApp. There is no way to turn off end-to-end encryption.” more at The Hacker News.

[ A question: If Cellebrite was indeed the solution at an estimated $16k how much did the Department of Justice spend on the San Bernardino case alone? -ed ]

4/14/2016 Update  FBI vs Encryption – a decade ago

In newly declassified and released records shows the FBI, then under Director Robert S. Mueller, obtained judicial permission to surreptitiously install software on a suspect’s computers to record keystrokes to get around encryption. That was in 2003. The use, but not the success, failure, or details of how were obtained via the FOIA. It raises another question. The Justice Department is required to report encryption in a criminal wiretap case. Yet in 2002 and 2003 there was no report. Yet there was a case.

In December 2002 an FBI email included “The current terrorism prevention context may present the best opportunity to bring up the encryption issue”. The “Patriot Act 2” contained a provision that would have outlawed encryption to conceal criminal activity. PA2 didn’t pass.

The battle on the public front may have started in 2008 with the “Going Dark” campaign whose goal was to require companies to provide government access to data in unencrypted form. More at NY Times.

[ “outlawing encryption to conceal criminal activity” creates its own conundrum. The company says the activity is legal. Law enforcement says the activity is criminal. So the company has to prove its innocence by exposing the information it seeks to protect. Sounds like a backdoor usable at anytime given a presumption of not(innocent). -ed ]

4/15/2016 Update  RCMP had the BlackBerry key

Since 2010 BlackBerry provided a master backdoor to law enforcement according to Vice. BlackBerry in the “corporate” environment uses a company specific key created by their own corporate servers. The non-corporate users all use a single key. How did the RCMP get the key? Do they still have it? The report does not say. The court case from 2011 appears to have been carefully phrased to avoid indicating they had the key.

4/16/2016 Update  Nothing on San Bernardino phone

A few days ago CBSNews reported nothing significant has been found with the trailing modifier “so far”.

[ In an editorial comment on 3/29/2016 we reported from a self-described tin-foil hat wearer who anticipated there would be nothing on the phone, but that would never been confirmed. Just because he wore an odd hat does not make him wrong. He got the fact right (no data) and the conspiracy theory (never confirmed) wrong.

Considering the two suspects destroyed two other phones and had plenty of time to destroy the third it was foreseeable there was nothing of value on it. Even so, being thorough, the attempt was good investigative technique, but the courtroom battle was expensive, and not just in dollars. Considering less than $20k bought a solution (or did it?) that would have been less expensive in dollars and the negative publicity. -ed ]

4/17/2016 Update  Who cracked what?

The Washington Post reported the services of the Israeli firm Cellebrite were not used, but the timing of the payment wasn’t explained away. Nor were the actual hackers identified. There are a number of security and privacy experts seeking government disclosure of the vulnerability information so Apple can fix it. This leaves federal law enforcement without a useful tool to crack that class of iPhones. So, are all Apple consumers going to be left vulnerable? Or, is the responsibility of law enforcement to protect the consumers?

There is a Vulnerability Equities Process (14 page PDF) that describes the manner in which discussion can be held on making that determination, but for the moment, the decision remains with FBI director Comey.

Data Breach Today reports that the Washington Post Story raises more questions about its answers.

Dan Guido, CEO “Trail of Bits” (a security research and incident response firm): “I’m not believing a word of this until I see proof … Unidentified anonymous sources contradicting all prior evidence?”

Robert Graham, heads “Errata Security” (research firm): all anonymous sources typically have one of three agendas: “a) personal politics b) government propaganda c) whistleblowing.”

[ So, what really happened to raise all that dust and consume all those resources? Did someone “arrange” for San Bernardino police to “accidentally” reset the password for the purpose of compelling Apple to write super-code using the All Writs Act as a cudgel? Did the DOJ, recognizing somehow that they were going to lose, arranged to have someone claim to crack the phone, get a recess, then, citing “success”, end the case? Will we ever know? -ed ]

4/21/2016 Update  Hacker Paid $1+M to crack iPhone

The FBI won’t tell Apple how the hack was accomplished. All users of that iPhone remain vulnerable. More at CNN

[ What a conundrum. Telling Apple leads to a patch to protect millions of taxpayers who use the same model from the same hack. “To Serve and Protect” is the purpose of law enforcement, right? Yet, that makes that million dollar fee have a limited use. Does chasing crooks this way make the law abiding at greater risk? That balance was one reason why high speed chases are discouraged. (1990 National Institute of Justice (38 page PDF), 1991, 2015). Too many police and bystanders were being injured and killed. The risk to the public is higher than the benefit of catching most crooks. Maybe this is not life-and-death, but one crook can wreck many lives and there is a protection being withheld by those who are supposed to protect us. -ed ]

4/23/2016 Update  Switching Sides

When in office Michael V. Hayden of the NSA and Michael Chertoff of DHS were responsible for domestic surveillance programs that collected billions of records. Now they, and more than a few others, are out of government, apparently changed sides and favor consumer protection. Why? See NT Times

4/27/2016 Update  FBI discloses iPhone flaw, not that one

Citing the Vulnerability Equities Process (VEP) for reviewing flaws and deciding which ones should be made public, the FBI has revealed to Apple a vulnerability. Not helpful today. Apple had already secured it with a patch nine months ago with iOS 9 for iPhones and OS X El Capitan for Mac.

Was that the vulnerability used to crack the San Bernardino iPhone? No. It was another one. So why isn’t this other vulnerability being submitted for review under VEP and potential disclosure? According to FBI Director Comey, they are still assessing whether to submit it for review or not. The argument is that the tool remains the still-as-yet-unnamed third-party’s intellectual property. More at The Hacker News

[ Umm software developed under contract is generally property of the payer, yes? -ed ]

4/20/2016   SS7 protocol hacks Congressman

The same vulnerability described back in 2014 was used to hack a Congressman. For more see this story

5/03/2016   Stingrays for National Security & Serious Crime

Police don’t like talking about portable cell site simulators (Stingrays) that trick all nearby phones into giving up their identification and location. Why? First it is a “national security” issue. Second, the company that gets paid big bucks for the equipment requires non-disclosure agreements. Montgomery County Police spokesman Captain Paul Starks: “We absolutely use it to go after the worst criminals or the worst criminal offenses. We use it for violent felonies and do not use it for minor crimes and property crimes.”

Not so much. Capital News Service of Maryland found that until October 2014 Maryland police were not required to show probable cause to use Stingrays. Imposed secrecy prevent defendants from determining if the device was used properly. Without disclosure a proper defense is prevented and Fourth Amendment protections against improper search and seizure can be raised. Some cases are thrown out rather than disclose how the defendant was located.

So how was the Stingray used in a Maryland case of about $60 worth of stolen chicken wings? Despite the hundred-thousand-dollar-plus tool that crook may have escaped by using a cheap and disposable phone. See also Naked Security / Sophos

5/05/2016   FBI to Cops: “recreate” evidence

A September 2014 letter (2 page PDF) from FBI special agent James E. Finch to Chief Bill Citty of the Oklahoma City Police Department says “Information obtained through the use of the equipment is FOR LEAD PURPOSES ONLY … [ and ] may not be used as primary evidence in any affidavits, hearings or trials. This equipment provides general location information about a cellular device, and your agency understands it is required to use additional and independent investigative means and methods, such as historical cellular analysis, that would be admissible at trial to corroborate information concerning the location of the target obtained through the use of this equipment.” More at The Intercept.

[ Essentially: after providing the lead, the police have to go back and find other admissible evidence, sometimes called “parallel construction”, to present at trial and not to mention the FBI services. The defense has no opportunity to question the original lead because it is never disclosed by the prosecution. Concealing such facts is sometimes called “prosecutorial misconduct” or failure to disclose evidence. Doing so risks the case being dismissed, either “with prejudice” (can’t ever be retried) or “without prejudice” (the case can be retried). What a sad choice, convict a criminal with misconduct or let them go. -ed ]

7/13/2016  Stingray without warrants – tossed

Yesterday, U.S. District Judge William Pauley (Southern District of New York, in Manhattan NY) suppressed evidence. Why? The DEA used a StingRay without a warrant in violation of the Fourth Amendment. The judge was extraordinarily clear when he wrote “Absent a search warrant, the government may not turn a citizen’s cell phone into a tracking device.” (source: First full paragraph on page 6 of a 16 page PDF) More at NY Times and Reuters.

 
 

Year links page
Return to References page